ui-eholdings has a dependency on vulnerable underscore but is not affected.
Steps to Reproduce:
reports that FOLIO ships with a vulnerable version of underscore.
All underscore versions from 1.3.2 to 1.12.0 are affected because they contain an Arbitrary Code Execution via the template function: https://nvd.nist.gov/vuln/detail/CVE-2021-23358
Running yarn why underscore against platform-complete yields
However, binary-search-tree doesn't use underscore: https://github.com/louischatriot/node-binary-search-tree/pull/16
Therefore FOLIO is not affected by this vulnerability.